From owner-freebsd-questions Wed Aug 9 11: 4:34 2000 Delivered-To: freebsd-questions@freebsd.org Received: from osiris.ipform.ru (osiris.ipform.ru [212.158.165.98]) by hub.freebsd.org (Postfix) with ESMTP id A267937BA1F for ; Wed, 9 Aug 2000 11:04:21 -0700 (PDT) (envelope-from matrix@ipform.ru) Received: from wp2 (wp2 [192.168.0.12]) by osiris.ipform.ru (8.9.3/8.9.3) with SMTP id WAA14173 for ; Wed, 9 Aug 2000 22:04:38 +0400 (MSD) (envelope-from matrix@ipform.ru) Message-ID: <000e01c0022b$afef03a0$0c00a8c0@ipform.ru> From: "Artem Koutchine" To: Subject: NGROUPS_MAX (apache in too many groups) Date: Wed, 9 Aug 2000 22:00:20 +0400 Organization: IP Form MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have a very fundumental question! Let me begin from afar. I am running apache with suEXEC and using a very strict permission model, so no owner of a virtual server can peek into others' directories. for example: if user dir is /hosts/virtual.com then i do chown user_id.group_id /hosts/virtual.com chmod -R o-rwx /hosts/virtual.com where group_id is the users' personal group. in this group only this user and apache_user exist. Apache is running as apache_user.apache_group I worked very fine, until i added the 16-th virtual doman. After than i started to get "Apache is in too many groups" error and the newer domain do not work. What i have figured out is that user cannot be in more than 16 groups (apache user is in more than 16) usr/include/sys/syslimits.h: #define NGROUPS_MAX 16 /* max supplemental group id's */ Now, i could change this limit to, say, 2048, but when i thought about it i realized that 2048 groups would slow down file access pretty bad because of the plain text lookup. So, the questions are: 1) Why somebody put 16 in here? Can i change it to anything i like? 2) How to make group lookups using something faster than plain text scan? Regards, Artem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message